When you connect OpenClaw to email systems — processing inbound messages, auto-replying, or routing support tickets — you are handling some of the most sensitive data in any organization. Email is the #1 attack vector for phishing, credential theft, and social engineering.
This guide covers how to secure your OpenClaw email integration with proper encryption, anti-phishing measures, and access controls that protect both your users and your AI agent.
OpenClaw email integrations face unique risks:
Addressing these risks requires a layered security approach covering transport, storage, and application-level protections.
All email connections must use TLS 1.2+. Configure your OpenClaw email integration to reject plaintext connections:
```yaml
# OpenClaw email configuration
email:
  imap:
    host: imap.yourdomain.com
    port: 993
    security: ssl            # Force SSL/TLS, never plain
    tls_min_version: "1.2"
    verify_certificate: true
  smtp:
    host: smtp.yourdomain.com
    port: 587
    security: starttls       # Upgrade to TLS
    tls_min_version: "1.2"
    verify_certificate: true
```
Never use port 25 (unencrypted SMTP) or port 143 (unencrypted IMAP) for OpenClaw integrations. On Tencent Cloud Lighthouse — simple, high-performance, cost-effective — you can configure firewall rules to block these ports entirely.
If OpenClaw sends emails on behalf of your domain, configure email authentication records to prevent spoofing:
```text
# SPF Record - DNS TXT record
v=spf1 ip4:YOUR_LIGHTHOUSE_IP include:_spf.google.com -all

# DKIM - Generate keys
sudo apt install opendkim opendkim-tools
opendkim-genkey -s openclaw -d yourdomain.com -b 2048
# Add the public key as a DNS TXT record: openclaw._domainkey.yourdomain.com

# DMARC - DNS TXT record
_dmarc.yourdomain.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; pct=100"
```
DMARC with p=reject ensures that spoofed emails pretending to be from your OpenClaw instance are rejected by recipient mail servers.
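A quick way to confirm the records above are actually strict is to audit the TXT strings before publishing them. This is an added example, not part of OpenClaw; it takes the record text as input (fetch it with `dig TXT` or your DNS console) and the IP address in the sample is a documentation placeholder.

```python
# dns_policy_audit.py (added example, not OpenClaw code)
# Flags the weak SPF / DMARC settings that let spoofed mail through.

LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def audit_spf(record):
    """Return a list of findings for an SPF TXT record; empty means strict."""
    if not record.startswith("v=spf1"):
        return ["not an SPF record"]
    findings = []
    terms = record.split()[1:]
    if "+all" in terms or "all" in terms:
        findings.append("SPF '+all' lets any host send as the domain")
    elif "~all" in terms:
        findings.append("SPF '~all' only soft-fails spoofed mail; use '-all'")
    elif "-all" not in terms:
        findings.append("SPF record has no 'all' mechanism, so unknown hosts are neutral")
    # RFC 7208 limits DNS-lookup mechanisms to 10; beyond that receivers return permerror
    lookups = sum(
        1 for t in terms
        if t.lstrip("+-~?").split(":")[0].split("/")[0] in LOOKUP_MECHANISMS
        or t.startswith("redirect=")
    )
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups (limit is 10)")
    return findings


def audit_dmarc(record):
    """Return a list of findings for a DMARC TXT record; empty means p=reject on all mail."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("DMARC record is missing the required 'p' tag")
    elif policy == "none":
        findings.append("DMARC p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC p=quarantine sends spoofed mail to spam instead of rejecting it")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC pct={pct} applies the policy to only {pct}% of mail")
    if "rua" not in tags:
        findings.append("no 'rua' aggregate-report address, so spoofing attempts go unseen")
    return findings
```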
Never store email credentials in plain text configuration files:
```bash
# Use environment variables
export OPENCLAW_IMAP_PASSWORD=$(cat /run/secrets/imap_password)
export OPENCLAW_SMTP_PASSWORD=$(cat /run/secrets/smtp_password)

# Or use Docker secrets
echo "your_imap_password" | docker secret create openclaw_imap_pass -
```
For Docker Compose deployments:
```yaml
services:
  openclaw:
    image: openclaw/openclaw:latest
    secrets:
      - imap_password
      - smtp_password
    environment:
      - IMAP_PASSWORD_FILE=/run/secrets/imap_password
      - SMTP_PASSWORD_FILE=/run/secrets/smtp_password

secrets:
  imap_password:
    file: ./secrets/imap_password.txt
  smtp_password:
    file: ./secrets/smtp_password.txt
```
OpenClaw AI agents can be targeted by prompt injection via email. An attacker sends a crafted email that tricks the AI into revealing system prompts, API keys, or executing unintended actions.
Implement pre-processing filters:
```python
# email_security_filter.py
import re
from email.utils import parseaddr

PHISHING_PATTERNS = [
    r"ignore\s+(previous|all)\s+instructions",
    r"system\s+prompt",
    r"reveal\s+(your|the)\s+(api|secret|key|password)",
    r"execute\s+(command|shell|code)",
    r"urgent.*wire\s+transfer",
    r"click\s+here.*verify\s+your\s+account",
]

# Structural indicators to check alongside the text patterns above
SUSPICIOUS_INDICATORS = [
    "reply-to differs from sender domain",
    "contains executable attachments",
    "multiple URL redirects",
    "homoglyph characters in domain",
]


def _domain(header_value):
    """Domain part of a header such as 'Name <user@example.com>'."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def scan_email(subject, body, headers):
    """Scan incoming email for phishing and prompt-injection indicators"""
    risk_score = 0
    flags = []
    # Injection attempts can sit in the subject line, so scan both
    text = f"{subject}\n{body}"
    for pattern in PHISHING_PATTERNS:
        if re.search(pattern, text, re.IGNORECASE):
            risk_score += 30
            flags.append(f"Pattern match: {pattern}")
    # Check for mismatched reply-to (parseaddr copes with display names and angle brackets)
    if headers.get("reply-to") and headers.get("from"):
        from_domain = _domain(headers["from"])
        reply_domain = _domain(headers["reply-to"])
        if from_domain != reply_domain:
            risk_score += 25
            flags.append("Reply-to domain mismatch")
    return {
        "risk_score": risk_score,
        "flags": flags,
        "action": "block" if risk_score > 50 else "review" if risk_score > 20 else "allow",
    }
```
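The SUSPICIOUS_INDICATORS list names checks that a regex over the body cannot perform. The following is an added example, not OpenClaw's own code, implementing two of them: lookalike (homoglyph or Punycode) sender domains and executable attachments. The header dict and the list of attachment filenames are assumed inputs, and the scores are illustrative.

```python
# structural_indicators.py (added example, not OpenClaw code)
import os
from email.utils import parseaddr

# File types that should never reach an AI agent's attachment handler
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".js",
                         ".vbs", ".ps1", ".hta", ".msi", ".jar"}


def domain_of(header_value):
    """Domain part of a From/Reply-To header, tolerating display names."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2]


def has_homoglyphs(domain):
    """True if the domain could be a lookalike: any non-ASCII character
    (e.g. Cyrillic 'а' U+0430 standing in for Latin 'a') or a Punycode
    (xn--) label. Legitimate IDNs are flagged too, which is why the
    score below routes to review rather than an outright block."""
    if any(label.startswith("xn--") for label in domain.lower().split(".")):
        return True
    return any(ord(ch) > 127 for ch in domain)


def structural_checks(headers, attachment_names):
    """Score structural indicators. headers: dict keyed by lowercase header
    name; attachment_names: filenames from the MIME parts. Returns (risk, flags)."""
    risk, flags = 0, []
    sender_domain = domain_of(headers.get("from"))
    if has_homoglyphs(sender_domain):
        risk += 30
        flags.append(f"Lookalike characters in sender domain: {sender_domain!r}")
    # splitext looks at the last extension, so 'invoice.pdf.exe' is caught
    executables = [name for name in attachment_names
                   if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTENSIONS]
    if executables:
        risk += 40
        flags.append(f"Executable attachments: {executables}")
    return risk, flags
```

Add the returned risk to the score from scan_email so a message can be blocked on structure alone, not only on body text.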
Prevent your OpenClaw agent from accidentally leaking sensitive data in email responses:
```python
# outbound_sanitizer.py
import re

SENSITIVE_PATTERNS = [
    (r'\b[A-Za-z0-9]{32,}\b', '[REDACTED_KEY]'),                          # API keys
    (r'\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b', '[REDACTED_CARD]'),  # Credit cards
    (r'password\s*[:=]\s*\S+', 'password: [REDACTED]'),                 # Passwords
    (r'\b\d{3}-\d{2}-\d{4}\b', '[REDACTED_SSN]'),                        # SSN
]


def sanitize_response(text):
    """Remove sensitive data from AI-generated email responses"""
    for pattern, replacement in SENSITIVE_PATTERNS:
        text = re.sub(pattern, replacement, text, flags=re.IGNORECASE)
    return text
```
Restrict which email addresses can trigger OpenClaw actions:
```yaml
# Allowlist configuration
email_security:
  allowed_senders:
    - "*@yourdomain.com"
    - "partner@trusteddomain.com"
  blocked_senders:
    - "*@disposable-email.com"
  max_email_size_mb: 10
  allowed_attachment_types:
    - ".pdf"
    - ".txt"
    - ".csv"
  audit_log: /var/log/openclaw/email_audit.log
```
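How such a policy is evaluated matters as much as what it contains. The following is an added example, not OpenClaw's own code, that applies the settings above to a message: it matches on the parsed address rather than the display name (so a From header whose display name reads like an allowed address cannot slip past), gives the blocklist precedence, and enforces the size and attachment limits. The policy dict and function signature are assumptions; a sender allowlist only means something once inbound mail has passed SPF/DKIM/DMARC checks, since otherwise the From header is attacker-controlled.

```python
# sender_policy.py (added example, not OpenClaw code)
import fnmatch
import os
from email.utils import parseaddr

# Mirrors the email_security block above
POLICY = {
    "allowed_senders": ["*@yourdomain.com", "partner@trusteddomain.com"],
    "blocked_senders": ["*@disposable-email.com"],
    "max_email_size_mb": 10,
    "allowed_attachment_types": [".pdf", ".txt", ".csv"],
}


def _matches(address, patterns):
    """Glob match of a lowercased address against configured patterns."""
    return any(fnmatch.fnmatchcase(address, p.lower()) for p in patterns)


def evaluate_sender(from_header, size_bytes, attachment_names, policy=POLICY):
    """Decide whether an inbound message may trigger agent actions.
    Returns (allowed, reason). Only the parsed address is used, never the
    display name, so '"ceo@yourdomain.com" <x@evil.example>' is judged
    as evil.example."""
    _, address = parseaddr(from_header or "")
    address = address.lower()
    if "@" not in address:
        return False, "unparseable From address"
    if _matches(address, policy["blocked_senders"]):
        return False, f"sender {address} is blocked"
    if not _matches(address, policy["allowed_senders"]):
        return False, f"sender {address} is not on the allowlist"
    if size_bytes > policy["max_email_size_mb"] * 1024 * 1024:
        return False, "message exceeds max_email_size_mb"
    for name in attachment_names:
        if os.path.splitext(name.lower())[1] not in policy["allowed_attachment_types"]:
            return False, f"attachment type not allowed: {name}"
    return True, "ok"
```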
Email security for OpenClaw is not just about encryption in transit — it requires credential protection, anti-phishing filters, content sanitization, and strict access controls. The AI agent is both an asset and a potential target, so securing the email pipeline is critical.
Run your secured OpenClaw email integration on Tencent Cloud Lighthouse — simple, high-performance, cost-effective — with built-in firewall management and stable networking for reliable email processing.
For OpenClaw setup details, see the configuration guide.